Global Internet Security Threat Landscape 2018

ITU Workshop on Advanced Cyber Security Attacks and Ransomware

Thomas Hemker, CISSP, CISM, CISADirector Security Strategy, CTO Office - Symantec

Thomas Hemker, CISSP, CISM, CISA

23 Years IT-SecurityPGP

CTO OfficeCISO ContactpersonSpeaker, Author

ISF, TeleTrust, Bitkom, ENISAISACA, (ISC)2, HDG

Hamburg#THeSecurity(LinkedIn, XING, ResearchGate, noFB)

Thomas_Hemker@symantec.com

https://www.symantec.com/security-centerhttps://www.symantec.com/security_response/publications/monthlythreatreport.jsp@threatintel

Threats

Other

Email

Network & Web

Ransomware

Advanced Malware

SpamMalicious Websites

Spear-Phishing attacks

Endpoints

Negligent Employee

Big Numbers

Some Key Findingso Cryptojacking Attacks Explode by

8,500 Percent

o Implanted Malware Grows by 200 Percent, Compromising Software Supply Chain

o Mobile Malware Continues to Surge

o Business-Savvy Cyber Criminals Price Ransomware for Profit

o Majority of Targeted Attackers Use Single Method to Infect Victims

Crypto Jacking Predictions

TARGETING

ORGANIZATIONS

Targeting of corporate

or organizational

networks in order to

harness the power of

servers or

supercomputers.

CLOUD HIJACKING

Cloud services offer

the possibility of high-

powered mining. This

has a possible

financial impact on

cloud customers

where they pay based

on CPU usage.

BOTNETS

Distributed mining,

either through

conventional botnets

of malware-infected

computers and IoT

devices or browser-

based coinminers,

hosted on websites.

Living off the Land

Definition: Living off the landOnly pre-installed software is used by the attacker and no additional binary executables are installed onto the system

Fileless AttacksMemory Only AttacksDual- Use ToolsTargeted Attack Groups

Supply Chain Attacks

Cybercrime Trends

RansomwareDetections stable at 1,242 per day in 2017 (-2%)Downloader detections increased by 92%46% increase in new ransomware variantsAverage ransom down to $522 from $1,070

Shift to other attacksTo coin mining e.g. VenusLocker shifted from ransomware to crypto miningTo financial Trojans e.g. Emotet activity increased by 2,000% in Q4

Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only

Ransomware

• The advent of worm-type ransomware is a new and highly disruptive avenue of attack

• Businesses in particular are most at risk to worm-type threats, which can spread in minutes across poorly secured networks

• Infection numbers are continuing to trend upwards, powered by the WannaCry and Petya outbreaks

• Average ransom appears to have stabilized at $544, indicating attackers may have found their “sweet spot”

• The U.S. is still the country most affected by ransomware, followed by Japan, Italy, India, Germany, Netherlands, UK, Australia, Russia, and Canada

$0

$200

$400

$600

$800

$1,000

$1,200

2014 2015 2016 2017 (to date)

0

20

40

60

80

100

120

2014 2015 2016 2017 (to date)

Families

Ransom

34% - 64%

https://www.symantec.com/security-centerhttps://www.symantec.com/security_response/publications/monthlythreatreport.jsp@threatintel